From 2c303dc695e204f06fa306b1d1f4ba9d67a9012f Mon Sep 17 00:00:00 2001 From: ryoppippi <1560508+ryoppippi@users.noreply.github.com> Date: Sat, 3 Jan 2026 13:25:29 +0000 Subject: [PATCH 1/7] feat(nix): integrate uv2nix for Python dependency management Replace uv-managed .venv with Nix-managed Python environments using uv2nix. This provides fully reproducible builds with dependencies cached in the Nix store, eliminating the need for uv sync in CI. Key changes: - Add uv2nix, pyproject-nix, and pyproject-build-systems inputs - Create devShells for Python 3.11 and 3.13 (default, python311, python313) - Add build system overrides for pypika (setuptools) and stackone-ai (editables) - Update CI matrix to use nix develop .#pythonXXX instead of uv sync - Simplify setup-nix action with gc-max-store-size for cache management - Add lint-fix alias to justfile The .venv directory is no longer needed as all dependencies are managed by Nix. Both Nix and non-Nix users can still use uv run commands which will work in either environment. --- .github/actions/setup-nix/action.yaml | 5 +- .github/workflows/ci.yaml | 19 +-- flake.lock | 102 ++++++++++++-- flake.nix | 194 ++++++++++++++++++++------ justfile | 5 +- 5 files changed, 247 insertions(+), 78 deletions(-) diff --git a/.github/actions/setup-nix/action.yaml b/.github/actions/setup-nix/action.yaml index ab9917a..9a64c20 100644 --- a/.github/actions/setup-nix/action.yaml +++ b/.github/actions/setup-nix/action.yaml @@ -12,7 +12,4 @@ runs: uses: nix-community/cache-nix-action@b426b118b6dc86d6952988d396aa7c6b09776d08 # v7 with: primary-key: nix-${{ runner.os }} - - - name: Load Nix development environment - shell: bash - run: nix develop --command true + gc-max-store-size: 4G diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 77dc8b5..5585127 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -34,12 +34,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - python-version: ["3.11", "3.13"] - include: - - python-version: "3.11" - sync-extras: "--all-extras" - - python-version: "3.13" - sync-extras: "--all-extras" + python-version: ["python311", "python313"] env: STACKONE_API_KEY: ${{ secrets.STACKONE_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} @@ -52,17 +47,14 @@ jobs: - name: Setup Nix uses: ./.github/actions/setup-nix - - name: Install dependencies - run: nix develop --command just install ${{ matrix.sync-extras }} - - name: Run Lint - run: nix develop --command just lint + run: nix develop .#${{ matrix.python-version }} --command just lint - name: Run Ty - run: nix develop --command just ty + run: nix develop .#${{ matrix.python-version }} --command just ty - name: Run Tests - run: nix develop --command just test + run: nix develop .#${{ matrix.python-version }} --command just test coverage: runs-on: ubuntu-latest @@ -79,9 +71,6 @@ jobs: - name: Setup Nix uses: ./.github/actions/setup-nix - - name: Install dependencies - run: nix develop --command just install --all-extras - - name: Run Tests with Coverage run: nix develop --command just coverage diff --git a/flake.lock b/flake.lock index d16a84c..8248742 100644 --- a/flake.lock +++ b/flake.lock @@ -3,15 +3,15 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "NixOS", "repo": "flake-compat", "type": "github" } 
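Review bot: The `Run Lint` and `Run Ty` steps in the `@@ -52,17 +47,14 @@` hunk now enter the dev shell while the `env:` block shown as context in the matrix hunk (apparently job-level) exports `STACKONE_API_KEY` and `OPENAI_API_KEY` to every step. Each `nix develop .#${{ matrix.python-version }}` runs the flake's shellHook, which can call `git submodule update --init --recursive` and `pnpm install --frozen-lockfile`, so network fetches and third-party install tooling run with both API keys in their environment. Only the test step plausibly needs the keys. Moving the two `secrets.*` entries from the job-level `env:` to an `env:` on `Run Tests` keeps them out of lint, type checking and the dependency bootstrap.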
@@ -41,11 +41,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1765911976, - "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", + "lastModified": 1767281941, + "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", + "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", "type": "github" }, "original": { @@ -108,11 +108,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1766870016, - "narHash": "sha256-fHmxAesa6XNqnIkcS6+nIHuEmgd/iZSP/VXxweiEuQw=", + "lastModified": 1767364772, + "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5c2bc52fb9f8c264ed6c93bd20afa2ff5e763dce", + "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", "type": "github" }, "original": { 
@@ -138,12 +138,61 @@ "type": "github" } }, + "pyproject-build-systems": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "pyproject-nix": [ + "pyproject-nix" + ], + "uv2nix": [ + "uv2nix" + ] + }, + "locked": { + "lastModified": 1763662255, + "narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=", + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "rev": "042904167604c681a090c07eb6967b4dd4dae88c", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "type": "github" + } + }, + "pyproject-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1764134915, + "narHash": "sha256-xaKvtPx6YAnA3HQVp5LwyYG1MaN4LLehpQI8xEdBvBY=", + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "rev": "2c8df1383b32e5443c921f61224b198a2282a657", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "type": "github" + } + }, "root": { "inputs": { "flake-parts": "flake-parts", "git-hooks": "git-hooks", "nixpkgs": "nixpkgs_2", - "treefmt-nix": "treefmt-nix" + "pyproject-build-systems": "pyproject-build-systems", + "pyproject-nix": "pyproject-nix", + "treefmt-nix": "treefmt-nix", + "uv2nix": "uv2nix" } }, "treefmt-nix": { @@ -151,11 +200,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1766000401, - "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=", + "lastModified": 1767122417, + "narHash": "sha256-yOt/FTB7oSEKQH9EZMFMeuldK1HGpQs2eAzdS9hNS/o=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd", + "rev": "dec15f37015ac2e774c84d0952d57fcdf169b54d", "type": "github" }, "original": { 
@@ -163,6 +212,29 @@ "repo": "treefmt-nix", "type": "github" } + }, + "uv2nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "pyproject-nix": [ + "pyproject-nix" + ] + }, + "locked": { + "lastModified": 1767152253, + "narHash": "sha256-xxuRsew0pedwptVnhfru01xbe+dDhI+OY1kCFDMxBUs=", + "owner": "pyproject-nix", + "repo": "uv2nix", + "rev": "7a3eb140416318349ec58d2d4e81afe071bc9f03", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "uv2nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 509a98f..1a94c1c 100644 --- a/flake.nix +++ b/flake.nix @@ -6,6 +6,25 @@ flake-parts.url = "github:hercules-ci/flake-parts"; git-hooks.url = "github:cachix/git-hooks.nix"; treefmt-nix.url = "github:numtide/treefmt-nix"; + + # uv2nix inputs + pyproject-nix = { + url = "github:pyproject-nix/pyproject.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + uv2nix = { + url = "github:pyproject-nix/uv2nix"; + inputs.pyproject-nix.follows = "pyproject-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + pyproject-build-systems = { + url = "github:pyproject-nix/build-system-pkgs"; + inputs.pyproject-nix.follows = "pyproject-nix"; + inputs.uv2nix.follows = "uv2nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -13,8 +32,26 @@ flake-parts, git-hooks, treefmt-nix, + nixpkgs, + pyproject-nix, + uv2nix, + pyproject-build-systems, ... }: + let + # Load uv2nix workspace + workspace = uv2nix.lib.workspace.loadWorkspace { workspaceRoot = ./.; }; + + # Create overlay from uv.lock + overlay = workspace.mkPyprojectOverlay { + sourcePreference = "wheel"; + }; + + # Editable overlay for development + editableOverlay = workspace.mkEditablePyprojectOverlay { + root = "$REPO_ROOT"; + }; + in flake-parts.lib.mkFlake { inherit inputs; } { systems = [ "x86_64-linux" 
@@ -31,8 +68,110 @@ { config, pkgs, + system, ... }: + let + # Supported Python versions + pythonVersions = { + python311 = pkgs.python311; + python313 = pkgs.python313; + }; + + # Override for packages that need additional build dependencies + buildSystemOverrides = final: prev: { + pypika = prev.pypika.overrideAttrs (old: { + nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ + final.setuptools + ]; + }); + # stackone-ai needs editables for editable install + stackone-ai = prev.stackone-ai.overrideAttrs (old: { + nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ + final.editables + ]; + }); + }; + + # Helper function to create a Python environment for a given version + mkPythonEnv = + python: + let + pythonSet = + (pkgs.callPackage pyproject-nix.build.packages { + inherit python; + }).overrideScope + ( + nixpkgs.lib.composeManyExtensions [ + pyproject-build-systems.overlays.wheel + overlay + buildSystemOverrides + editableOverlay + ] + ); + in + pythonSet.mkVirtualEnv "stackone-ai-${python.pythonVersion}-env" workspace.deps.all; + + # Create virtualenvs for each Python version + virtualenvs = builtins.mapAttrs (_name: python: mkPythonEnv python) pythonVersions; + + # Default Python version (3.11) + defaultPython = pythonVersions.python311; + defaultVirtualenv = virtualenvs.python311; + + # Helper function to create a devShell for a given Python version + mkDevShell = + python: virtualenv: + pkgs.mkShell { + packages = [ + virtualenv + pkgs.uv + pkgs.just + pkgs.nixfmt-rfc-style + pkgs.basedpyright + + # security + pkgs.gitleaks + + # Node.js for MCP mock server + pkgs.bun + pkgs.pnpm_10 + pkgs.typescript-go + ]; + + env = { + # Prevent uv from managing Python - Nix handles it + UV_NO_SYNC = "1"; + UV_PYTHON = "${python}/bin/python"; + UV_PYTHON_DOWNLOADS = "never"; + }; + + shellHook = '' + echo "StackOne AI Python SDK development environment (Python ${python.pythonVersion})" + + # Set repo root for editable installs + export REPO_ROOT=$(git rev-parse 
--show-toplevel) + + # Unset PYTHONPATH to avoid conflicts + unset PYTHONPATH + + # Initialize git submodules if not already done + if [ -f .gitmodules ] && [ ! -f vendor/stackone-ai-node/package.json ]; then + echo "Initializing git submodules..." + git submodule update --init --recursive + fi + + # Install Node.js dependencies for MCP mock server (used in tests) + if [ -f vendor/stackone-ai-node/package.json ]; then + if [ ! -f vendor/stackone-ai-node/node_modules/.pnpm/lock.yaml ] || \ + [ vendor/stackone-ai-node/pnpm-lock.yaml -nt vendor/stackone-ai-node/node_modules/.pnpm/lock.yaml ]; then + echo "Installing MCP mock server dependencies..." + (cd vendor/stackone-ai-node && pnpm install --frozen-lockfile) + fi + fi + ''; + }; + in { # Treefmt configuration for formatting treefmt = { @@ -81,7 +220,7 @@ ty = { enable = true; name = "ty"; - entry = "${pkgs.uv}/bin/uv run ty check"; + entry = "${defaultVirtualenv}/bin/ty check"; files = "^stackone_ai/"; language = "system"; types = [ "python" ]; 
@@ -89,49 +228,18 @@ }; }; - devShells.default = pkgs.mkShell { - buildInputs = with pkgs; [ - uv - just - nixfmt-rfc-style - basedpyright - - # security - gitleaks - - # Node.js for MCP mock server - bun - pnpm_10 - typescript-go - ]; - - shellHook = '' - echo "StackOne AI Python SDK development environment" - - # Initialize git submodules if not already done - if [ -f .gitmodules ] && [ ! -f vendor/stackone-ai-node/package.json ]; then - echo "📦 Initializing git submodules..." - git submodule update --init --recursive - fi - - # Install Python dependencies only if .venv is missing or uv.lock is newer - if [ ! -d .venv ] || [ uv.lock -nt .venv ]; then - echo "📦 Installing Python dependencies..." - uv sync --all-extras - fi - - # Install Node.js dependencies for MCP mock server (used in tests) - if [ -f vendor/stackone-ai-node/package.json ]; then - if [ ! -f vendor/stackone-ai-node/node_modules/.pnpm/lock.yaml ] || \ - [ vendor/stackone-ai-node/pnpm-lock.yaml -nt vendor/stackone-ai-node/node_modules/.pnpm/lock.yaml ]; then - echo "📦 Installing MCP mock server dependencies..." - (cd vendor/stackone-ai-node && pnpm install --frozen-lockfile) - fi - fi + # Development shells for each Python version + devShells = { + default = mkDevShell defaultPython defaultVirtualenv; + python311 = mkDevShell pythonVersions.python311 virtualenvs.python311; + python313 = mkDevShell pythonVersions.python313 virtualenvs.python313; + }; - # Install git hooks - ${config.pre-commit.installationScript} - ''; + # Package outputs + packages = { + default = defaultVirtualenv; + python311 = virtualenvs.python311; + python313 = virtualenvs.python313; }; }; }; diff --git a/justfile b/justfile index f0e40c5..06f33c8 100644 --- a/justfile +++ b/justfile @@ -10,6 +10,9 @@ lint: format: nix fmt +# Alias for format +lint-fix: format + # Run all tests test: uv run pytest 
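Review bot: The removed `devShells.default` hook ended with `${config.pre-commit.installationScript}`, and the new `mkDevShell` shellHook in the previous hunk has no equivalent line, so entering the shell no longer installs the git hooks this flake configures. The `ty` hook is visible in the context above; whether gitleaks is also wired as a hook is not shown here, but if it is, local secret scanning on commit silently stops for fresh clones. None of the later patches in this series puts the line back. `config` is still among the perSystem arguments, so the end of the new shellHook can carry `${config.pre-commit.installationScript}` again under the `# Install git hooks` comment.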
@@ -36,7 +39,7 @@ gitleaks: # Update version in __init__.py update-version: - uv run scripts/update_version.py + uv run python scripts/update_version.py # Build package build: From 450bdd7bae256006bf002077fabdc00f137a1e01 Mon Sep 17 00:00:00 2001 From: ryoppippi <1560508+ryoppippi@users.noreply.github.com> Date: Sat, 3 Jan 2026 13:29:12 +0000 Subject: [PATCH 2/7] fix(ci): add python-version to cache key for parallel jobs Separate cache keys per Python version to prevent cache overwrites when matrix jobs run in parallel. Default to python311 since it matches the default devShell. --- .github/actions/setup-nix/action.yaml | 9 ++++++++- .github/workflows/ci.yaml | 2 ++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/actions/setup-nix/action.yaml b/.github/actions/setup-nix/action.yaml index 9a64c20..f756697 100644 --- a/.github/actions/setup-nix/action.yaml +++ b/.github/actions/setup-nix/action.yaml @@ -1,5 +1,10 @@ name: "Setup Nix" description: "Install Nix and configure cache" +inputs: + python-version: + description: "Python version for cache key (e.g., python311, python313)" + required: false + default: "python311" runs: using: "composite" steps: @@ -11,5 +16,7 @@ runs: - name: Cache Nix store uses: nix-community/cache-nix-action@b426b118b6dc86d6952988d396aa7c6b09776d08 # v7 with: - primary-key: nix-${{ runner.os }} + primary-key: nix-${{ runner.os }}-${{ inputs.python-version }} + restore-prefixes-first-match: | + nix-${{ runner.os }}- gc-max-store-size: 4G diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 5585127..cb404c9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -46,6 +46,8 @@ jobs: - name: Setup Nix uses: ./.github/actions/setup-nix + with: + python-version: ${{ matrix.python-version }} - name: Run Lint run: nix develop .#${{ matrix.python-version }} --command just lint From c5f7aa83743d5fbf03206c16f087cf7e31510be0 Mon Sep 17 00:00:00 2001 
From: ryoppippi <1560508+ryoppippi@users.noreply.github.com> Date: Sat, 3 Jan 2026 13:31:12 +0000 Subject: [PATCH 3/7] fix(nix): set VIRTUAL_ENV for ty to find site-packages ty needs VIRTUAL_ENV to locate the Python environment's site-packages. Without this, ty looks for .venv which doesn't exist in the Nix environment. Also update justfile to conditionally use 'uv run' prefix only when not in a Nix environment (detected via VIRTUAL_ENV). This makes commands work for both Nix and non-Nix users. --- flake.nix | 2 ++ justfile | 15 +++++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index 1a94c1c..f93d60f 100644 --- a/flake.nix +++ b/flake.nix @@ -144,6 +144,8 @@ UV_NO_SYNC = "1"; UV_PYTHON = "${python}/bin/python"; UV_PYTHON_DOWNLOADS = "never"; + # Set VIRTUAL_ENV for tools like ty that look for site-packages + VIRTUAL_ENV = "${virtualenv}"; }; shellHook = '' diff --git a/justfile b/justfile index 06f33c8..5d47b76 100644 --- a/justfile +++ b/justfile @@ -1,3 +1,6 @@ +# Helper to run Python commands (uses uv run if not in Nix environment) +_run := if env("VIRTUAL_ENV", "") != "" { "" } else { "uv run " } + # Install dependencies and pre-commit hooks install *extras: uv sync {{ extras }} @@ -15,23 +18,23 @@ lint-fix: format # Run all tests test: - uv run pytest + {{ _run }}pytest # Run tests with coverage coverage: - uv run pytest --cov --cov-report=term --cov-report=json --cov-report=html + {{ _run }}pytest --cov --cov-report=term --cov-report=json --cov-report=html # Run tool-specific tests test-tools: - uv run pytest tests + {{ _run }}pytest tests # Run example tests test-examples: - uv run pytest examples + {{ _run }}pytest examples # Run type checking ty: - uv run ty check stackone_ai + {{ _run }}ty check stackone_ai # Run gitleaks secret detection gitleaks: 
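Review bot: `_run` in the `@@ -1,3 +1,6 @@` justfile hunk treats any non-empty `VIRTUAL_ENV` as "inside the Nix shell", but every activated virtualenv sets that variable, including one that belongs to another project. In that case `{{ _run }}pytest`, `{{ _run }}ty` and `{{ _run }}python` in the following hunks run whichever binaries come first on PATH instead of the locked project environment, and nothing reports the mismatch. Keying on a marker that the flake's `env` block sets itself keeps the `uv run` fallback for everyone else, for example `_run := if env("STACKONE_NIX_ENV", "") != "" { "" } else { "uv run " }`, where the variable name is a placeholder to be added next to `VIRTUAL_ENV` in flake.nix.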
@@ -39,7 +42,7 @@ gitleaks: # Update version in __init__.py update-version: - uv run python scripts/update_version.py + {{ _run }}python scripts/update_version.py # Build package build: From 871c07685d18f9d4952e044efd8d0d9213d42245 Mon Sep 17 00:00:00 2001 From: ryoppippi <1560508+ryoppippi@users.noreply.github.com> Date: Sat, 3 Jan 2026 13:43:42 +0000 Subject: [PATCH 4/7] ci: add build-cache job to pre-build Nix environments Add a dedicated build-cache job that runs before other CI jobs to pre-populate the Nix store cache. This ensures that subsequent parallel jobs (gitleaks, ci matrix, coverage) can benefit from the cached derivations instead of each rebuilding from scratch. The build-cache job: - Runs as a matrix for both python311 and python313 - Builds the Nix development environment - Saves the cache via cache-nix-action for downstream jobs gitleaks, ci, and coverage jobs now depend on build-cache to ensure cache is available before they run. --- .github/workflows/ci.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 40d7c21..486ec09 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -16,7 +16,25 @@ permissions: id-token: write jobs: + build-cache: + runs-on: ubuntu-latest + strategy: + matrix: + python-version: ["python311", "python313"] + steps: + - name: Checkout repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + + - name: Setup Nix + uses: ./.github/actions/setup-nix + with: + python-version: ${{ matrix.python-version }} + + - name: Build Nix environment + run: nix develop .#${{ matrix.python-version }} --command true + gitleaks: + needs: build-cache runs-on: ubuntu-latest steps: - name: Checkout repository @@ -31,6 +49,7 @@ jobs: run: nix develop --command just gitleaks ci: + needs: build-cache runs-on: ubuntu-latest strategy: matrix: 
@@ -56,6 +75,7 @@ jobs: run: nix develop .#${{ matrix.python-version }} --command just test coverage: + needs: build-cache runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' steps: From 8fd39fa6ad9efdc578f44f283546d8773416d989 Mon Sep 17 00:00:00 2001 From: ryoppippi <1560508+ryoppippi@users.noreply.github.com> Date: Sat, 3 Jan 2026 13:49:54 +0000 Subject: [PATCH 5/7] ci: include lockfile hash in cache key for proper invalidation Add flake.lock and uv.lock hash to the cache key so that: - Cache is saved when dependencies change (new hash = new key) - Old cache is still restored via restore-prefixes-first-match - Incremental updates build on previous cache This ensures cache hits do not prevent saving updated derivations while still benefiting from partial cache restoration. --- .github/actions/setup-nix/action.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/actions/setup-nix/action.yaml b/.github/actions/setup-nix/action.yaml index f756697..9f5f23f 100644 --- a/.github/actions/setup-nix/action.yaml +++ b/.github/actions/setup-nix/action.yaml @@ -16,7 +16,8 @@ runs: - name: Cache Nix store uses: nix-community/cache-nix-action@b426b118b6dc86d6952988d396aa7c6b09776d08 # v7 with: - primary-key: nix-${{ runner.os }}-${{ inputs.python-version }} + primary-key: nix-${{ runner.os }}-${{ inputs.python-version }}-${{ hashFiles('flake.lock', 'uv.lock') }} restore-prefixes-first-match: | + nix-${{ runner.os }}-${{ inputs.python-version }}- nix-${{ runner.os }}- gc-max-store-size: 4G From 507dbaeded2ad1e4757ca11315004fde6fdb33c4 Mon Sep 17 00:00:00 2001 
From: ryoppippi <1560508+ryoppippi@users.noreply.github.com> Date: Sat, 3 Jan 2026 13:52:08 +0000 Subject: [PATCH 6/7] ci: remove build-cache job as lockfile hash handles invalidation Now that cache keys include lockfile hashes, proper invalidation happens automatically. Each job can build and save its own cache, making the dedicated build-cache job unnecessary. --- .github/workflows/ci.yaml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 486ec09..40d7c21 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -16,25 +16,7 @@ permissions: id-token: write jobs: - build-cache: - runs-on: ubuntu-latest - strategy: - matrix: - python-version: ["python311", "python313"] - steps: - - name: Checkout repository - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - - name: Setup Nix - uses: ./.github/actions/setup-nix - with: - python-version: ${{ matrix.python-version }} - - - name: Build Nix environment - run: nix develop .#${{ matrix.python-version }} --command true - gitleaks: - needs: build-cache runs-on: ubuntu-latest steps: - name: Checkout repository @@ -49,7 +31,6 @@ jobs: run: nix develop --command just gitleaks ci: - needs: build-cache runs-on: ubuntu-latest strategy: matrix: @@ -75,7 +56,6 @@ jobs: run: nix develop .#${{ matrix.python-version }} --command just test coverage: - needs: build-cache runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' steps: From 10475d3c240580e2c012ebea06dba943088b432e Mon Sep 17 00:00:00 2001 From: ryoppippi <1560508+ryoppippi@users.noreply.github.com> Date: Sat, 3 Jan 2026 14:09:29 +0000 Subject: [PATCH 7/7] ci: add pyproject.toml and src to cache key hash Include pyproject.toml and src/**/*.py in the cache key hash since source changes affect the editable install derivation. --- .github/actions/setup-nix/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/actions/setup-nix/action.yaml b/.github/actions/setup-nix/action.yaml index 9f5f23f..e85f528 100644 --- a/.github/actions/setup-nix/action.yaml +++ b/.github/actions/setup-nix/action.yaml @@ -16,7 +16,7 @@ runs: - name: Cache Nix store uses: nix-community/cache-nix-action@b426b118b6dc86d6952988d396aa7c6b09776d08 # v7 with: - primary-key: nix-${{ runner.os }}-${{ inputs.python-version }}-${{ hashFiles('flake.lock', 'uv.lock') }} + primary-key: nix-${{ runner.os }}-${{ inputs.python-version }}-${{ hashFiles('flake.lock', 'uv.lock', 'pyproject.toml', 'src/**/*.py') }} restore-prefixes-first-match: | nix-${{ runner.os }}-${{ inputs.python-version }}- nix-${{ runner.os }}-
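Review bot: The `src/**/*.py` pattern added to `hashFiles` probably matches nothing, because the rest of this series refers to the package directory as `stackone_ai/` (the `ty` hook's `files = "^stackone_ai/"` and the `ty check stackone_ai` recipe) and no `src/` tree is visible. A pattern without matches contributes nothing to the hash, so the key would still change only with `flake.lock`, `uv.lock` and `pyproject.toml`, and source edits would not produce a new cache entry as the commit message intends. If the layout is as it appears, the `primary-key` expression should use `'stackone_ai/**/*.py'` instead.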